What The Hack Is This ???

Discussion in 'other firewalls' started by mehmet35, Nov 22, 2010.

Thread Status:
Not open for further replies.
  1. mehmet35

    mehmet35 Registered Member

    Joined:
    Nov 22, 2010
    Posts:
    4
    Hi dear forum members. Today I found that one of my ZoneAlarm Pro firewall logs includes extraordinary data. And I have about 46 MB of text file for just one day. It is like this:

    Code:
    ACCESS,2010/11/12,17:39:24 +2:00 GMT,,N/A,N/A
    ACCESS,2010/11/12,17:39:24 +2:00 GMT,,N/A,N/A
    ACCESS,2010/11/12,17:39:24 +2:00 GMT,,N/A,N/A
    Security settings:
    Logging Level:High
    Allow Vpn protocols: Disabled
    Filter ip traffic over 1394: Enabled

    I have about 46 MB of text data for just one day.
    Is this a connection type other than UDP or TCP?
    Or is this just an internal type of activity?
    Or is this some type of undetectable remote connection?

    Thanks to everyone who really knows what this is and helps.

    My regards.
     
  2. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,724
    Location:
    localhost
    Hi!
    ACCESS means "an application was blocked because it did not have access permission"

    But you are missing the program name and the IP. The log seems incomplete, or it could be a system call being blocked. Maybe a badly set ZAPRO, or one with corrupted settings?

    For help in interpreting the logs, you can see here.

    Cheers,
    Fax
     
  3. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    5,828
    Location:
    Last Breath Farm
    Just taking a stab, but when I saw the file growth for one day, I figured it wouldn't hurt to post a link to this...
    tvDebug.log file gone nuts in ZAP .
    I'm not running ZAP any longer, so forgive me if I am way off base. :)
     
  4. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,724
    Location:
    localhost
    This could be the case only if the OP is running a ZA 9.1 version. This issue was otherwise fixed before last summer... :) BTW, tvdebug does not contain the ZA logs as described above...
     
    Last edited: Nov 22, 2010
  5. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    5,828
    Location:
    Last Breath Farm
    Like I said... a stab.
    I knew you would sort it out. ;)
     
  6. mehmet35

    mehmet35 Registered Member

    Joined:
    Nov 22, 2010
    Posts:
    4
    So,

    "ACCESS" means : an application was blocked because it did not have access permission.

    That's really good for calming down.
    The interesting issue is that just the log file with the "txt" extension had grown to 46 MB, and the other days' log files are at most 8 MB. That's really weird.
    The 46 MB file is not tvdebug.log. It is ZALog2010.11.12.txt.
     
    Last edited: Nov 22, 2010
  7. mehmet35

    mehmet35 Registered Member

    Joined:
    Nov 22, 2010
    Posts:
    4
    Yes, I guess this is a system call block. But why is there no file or program name?
    That's weird too, because some of the other lines contain a "blocked program name".
     
  8. mehmet35

    mehmet35 Registered Member

    Joined:
    Nov 22, 2010
    Posts:
    4
    So we are sure that whatever this was, it was blocked. Right?
    "ACCESS,2010/11/12,17:39:24 +2:00 GMT,,N/A,N/A"

    No other possibility that access was granted.

    Thanks to all of the repliers.
     
  9. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,724
    Location:
    localhost
    Yes, blocked.
    You're welcome. :)
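
An added example, not part of any post in this thread: one way to triage an oversized log like the one above is to count how many ACCESS entries carry no program name and when they cluster. The column layout is an assumption taken from the quoted line and fax's reading of it (type, date, time, program, then two further fields); `summarize` and the sample rows are constructed for illustration.

```python
import csv
from collections import Counter

# Constructed sample in the shape quoted in the thread. The named-program
# row and the truncated row are invented here for contrast.
SAMPLE = """\
ACCESS,2010/11/12,17:39:24 +2:00 GMT,,N/A,N/A
ACCESS,2010/11/12,17:39:24 +2:00 GMT,,N/A,N/A
ACCESS,2010/11/12,17:39:24 +2:00 GMT,,N/A,N/A
ACCESS,2010/11/12,17:39:25 +2:00 GMT,,N/A,N/A
ACCESS,2010/11/12,17:40:01 +2:00 GMT,example.exe,192.0.2.10:80,N/A
ACCESS,2010/11/12
"""

def summarize(lines):
    """Split ACCESS entries into named and anonymous, bucketed per second."""
    anon_per_second = Counter()   # (date, time) -> entries with empty program
    named = Counter()             # program name -> entries
    other = 0                     # non-ACCESS, blank or truncated rows
    for row in csv.reader(lines):
        # Assumed layout: row[0]=type, row[1]=date, row[2]=time, row[3]=program
        if len(row) < 4 or row[0] != "ACCESS":
            other += 1
            continue
        program = row[3].strip()
        if program:
            named[program] += 1
        else:
            anon_per_second[(row[1], row[2])] += 1
    seconds = sorted(anon_per_second)  # sortable while date format and offset are uniform
    return {
        "anonymous": sum(anon_per_second.values()),
        "named": dict(named),
        "other": other,
        "first": seconds[0] if seconds else None,
        "last": seconds[-1] if seconds else None,
        # Busiest second: a flood shows up as one timestamp with a huge count
        "peak": anon_per_second.most_common(1)[0] if anon_per_second else None,
    }

if __name__ == "__main__":
    for key, value in summarize(SAMPLE.splitlines()).items():
        print(f"{key}: {value}")
```

For a real file, pass the open handle instead of the sample, for example `summarize(open("ZALog2010.11.12.txt", newline="", errors="replace"))`; a high `peak` count against a short `first` to `last` window points to one burst rather than steady activity across the day.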
     